Andy Huckridge (US) - Visibility into 4G Networks

This summer, two major trends are coming together at the same time: ratification by the IEEE of 40 and 100-Gigabits per second (Gbps) Ethernet speeds and the emergence of commercially available 4G mobile services. These have brought a challenge to organizations with large networks: how to monitor these new technologies.

Network visibility can be the critical factor in heading off the increasing number of attacks, data breaches, outages and service interruptions in large-scale networks. But up to now total visibility of Ethernet networks has been infeasible due to the cost of deploying analytical devices throughout the network. This is exacerbated each time new protocols - demanding new and more specialized forms of monitoring - are introduced. Distributed traffic capture is a new approach to network monitoring that, if done right, can deliver complete, selectable and centralized visibility.

4G offers greater speeds and it gives telecommunications carriers the ability to offer additional services, but it is more complex than current 2G / 3G technologies. LTE has emerged as the dominant 4G technology, but it requires interoperability with existing 2G / 3G networks as well as with competing 4G technologies adopted in some regions such as TD-SCDMA, WiMAX, LTE-Advanced and WiBRO.

The migration to 4G networks, which are based on Internet Protocol (IP), from the carriers' current mix of IP and telecommunications-specific protocols such as SONET / SDH requires new sets of network performance and management practices. This is especially true given consumers' rapid uptake of quad play services (voice, video, VoIP, data) and users' generation and upload of high-bandwidth content. LTE's IP architecture has more potential failure points, so even though high QoS is more important than ever, it will be harder to achieve.

The adoption of the IEEE P802.3ba standard, which supports sending Ethernet frames at 40 and 100 Gbps, increases opportunity and risk still further. For example, 40 Gbps transmission is intrinsically more sensitive to fiber characteristics. This necessitates an understanding of the operational characteristics of the interplay between signal and existing physical media, as well as the trade-offs between characteristics such as signal strength and spectral efficiency. 40 Gbps implementations are already under way by dozens of major carriers in Europe, the Americas and Asia-Pacific, with some of them trialing 100 Gbps.

How Monitoring is Done Now

Network traffic is typically monitored locally, using SPAN ports and/or inline with taps. SPAN ports tend to drop packets at random when the switch is loaded. They do not provide low-level (OSI Layer 2) information about performance issues such as jitter and microbursts, each of which can degrade service levels dramatically. Inline network taps were a direct way to capture traffic before packets are assembled into frames but they have traditionally lacked the traffic processing features and range of port densities necessary to make them more than a stand-alone solution.

A Layered Approach to Traffic Capture

Distributed traffic capture operates as a unified system, linking network infrastructure to the analytical equipment. It is optimally comprised of two layers: 1) inline or SPAN port capture-aggregation, and 2) aggregation-distribution to the monitoring equipment. This design enables flexibility in terms of where the capture points are located and provides for scalability. The system collects the copied traffic at a few or hundreds of points anywhere on the network, grooms it and then forwards the copy to centralized analytical and monitoring devices.

Grooming operations occur in real time, at line rate and solely in hardware, typically resulting in an average propagation delay of two packets or less. The copied traffic may be selectively aggregated, filtered on Layers 2 through 4 depending on the types of analytical tools to which it is going, processed to remove extraneous information such as user identifiable data, and load balanced while maintaining session awareness to ensure that the monitoring equipment is not oversubscribed and that packet order integrity is maintained from point of capture to the monitoring infrastructure.

The key to effective 4G network monitoring is being able to scale a growing number of analytics tools across a growing number of capture points. The emergence of distributed traffic capture devices with onboard intelligence for complex, real-time traffic grooming allows their deployment as a system for total monitoring coverage, while at the same time reducing the deployment costs and achieving a higher ROI for the analytics infrastructure. It is this system - self-aware and self acting - that provides both fault-tolerance and an almost infinite flexibility to scale to handle new protocols, new users, and new services.